Date: Mon, 30 Jun 2014 07:43:51 +0200 From: Salvatore Bonaccorso <carnil@...ian.org> To: OSS Security Mailinglist <oss-security@...ts.openwall.com> Cc: CVE Assignments MITRE <cve-assign@...re.org> Subject: Confusion on CVE-2014-0235 Hi I noticed that CVE-2014-0235 apparently was used twice: CVE-2014-0235 file: extensive backtracking in awk rule regular expression (incomplete fix for CVE-2013-7345): * https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-0235 But then also for Microsoft Internet Explorer 9: "Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-1751 and CVE-2014-1755.". * https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0235 Would be appreciated if you can clarify which is correct and how to reference the file issue. Regards, Salvatore
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.